Auditing, Monitoring, Intrusion Prevention, Detection, and Penetration Testing
A network vulnerability is a major security weakness that allows an attacker to reduce a computer's information assurance. A vulnerability is the intersection of three elements: a system flaw, an attacker's access to the flaw, and the attacker's ability to exploit the flaw. Thus, a security risk is classified as a vulnerability that is tied to a significant loss. A vulnerability can erode data confidentiality, system integrity, and the availability of data.
The objective of this study is to analyze two research articles that discuss network vulnerabilities in the IT environment (Jackson et al. 2008; Sommer et al. 2003). Both articles hold that attackers exploit network vulnerabilities to inflict damage on information systems. Moreover, the two articles agree that traditional security measures such as the network IDS (intrusion detection system) (Sommer et al. 2003) and DNS pinning (Jackson et al. 2008) are no longer effective in guarding against network vulnerabilities, and they recommend effective security strategies to protect information systems.
Summary of Article 1
This study provides a critique of the article titled "Protecting Browsers from DNS Rebinding Attacks" (Jackson, Barth, Bortz, Shao, et al. 2008, p. 1). The authors identify DNS rebinding attacks as one of the network vulnerabilities used to subvert "browsers and convert them into open network proxies" (Jackson et al. 2008, p. 1). In other words, the DNS rebinding attack has been identified as a core security threat against internet browsers, used to hijack IP addresses and circumvent firewalls.
Typically, hackers can use the tactic to circumvent the firewall, sending spam email as well as defrauding PPC (pay-per-click) adverts. The authors also reveal that an attacker can hijack 100,000 IP addresses for less than $100. The article argues that DNS rebinding attacks and subversion are real in the real world and can be used to penetrate browsers, Flash, and Adobe, which can have serious security implications for Web 2.0 applications that pack more action and code onto the client. Thus, relying on the firewall alone for protection is risky, since attackers can subvert the firewall with DNS rebinding attacks. The authors also explain in depth the strategy that attackers use to manipulate multimedia plug-ins, including Flash Player, Microsoft Silverlight, and Java, bypassing the security systems of browsers such as Mozilla Firefox, Internet Explorer, Opera, and Safari.
According to the study, DNS rebinding attacks are able to confuse the browser and convert it into an open proxy. With DNS rebinding, attackers can circumvent firewalls in order to spider corporate intranets, compromise unpatched internal machines, and infiltrate sensitive documents. Jackson et al. (2008) further reveal that an attacker can send spam emails to hijack IPs, frame clients, and commit click fraud. Thus, the DNS vulnerabilities allow attackers to read and write network sockets and to use JavaScript-based botnets to send HTTP requests. The authors also point out that an attacker only needs to create a website to launch an attack: the strategy is to use the website to attract web traffic and to use DNS queries to launch malicious JavaScript that circumvents the firewall.
Jackson et al. (2008) argue that attackers can circumvent the firewall by launching a request on the website and rebinding the hostname of the target server, making it inaccessible to the public internet. The strategy confuses the browser and makes it think that the two servers are from the same source because they share the same host name. When the DNS rebinding bypasses the firewall, it will take over the entire system and affect every file on the target network.
The authors also discuss the strategy that attackers can employ in hijacking an IP. The method is to use the DNS attack against machines to make them inaccessible to legitimate users. Moreover, the attacker can explicitly and implicitly abuse the public services to masquerade as...
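As an added example (not from Jackson et al. or from this essay), the code below shows how a defender could spot the shared-host-name rebinding described above in resolver logs: it flags any name that a client saw resolve to an external address and then, shortly afterwards, to an internal one. The log format, host names, addresses, and the 300-second window are constructed assumptions.

```python
import ipaddress

# Address ranges treated as internal (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample resolver log: epoch-seconds client qname answer ttl
SAMPLE_LOG = """\
1700000000 10.1.4.22 www.example.org 198.51.100.7 3600
1700000001 10.1.4.22 a1b2.rebind.example 203.0.113.10 1
1700000004 10.1.4.22 a1b2.rebind.example 192.168.1.1 1
1700000010 10.1.4.30 intranet.corp.example 10.20.0.5 300
1700000500 10.1.4.31 cdn.example.net 198.51.100.9 60
1700009000 10.1.4.31 cdn.example.net 198.51.100.12 60
"""

def is_internal(addr):
    """True if addr falls inside one of the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_rebinds(log_text, window=300):
    """Return (client, qname, external_ip, internal_ip) for each name a client
    saw resolve externally and then internally within `window` seconds."""
    last_external = {}  # (client, qname) -> (timestamp, address)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, client, qname, answer, _ttl = fields
        try:
            ts, internal = int(ts), is_internal(answer)
        except ValueError:
            continue  # non-numeric timestamp or unparsable address
        key = (client, qname.lower().rstrip("."))
        if not internal:
            last_external[key] = (ts, answer)
        elif key in last_external and ts - last_external[key][0] <= window:
            hits.append((client, key[1], last_external[key][1], answer))
    return hits

if __name__ == "__main__":
    for hit in find_rebinds(SAMPLE_LOG):
        print("possible DNS rebinding:", hit)
```

Names that only ever resolve internally, or only externally, are not flagged; the signal is the external-to-internal transition for the same client and name.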